CVE List - 2021 / November
Showing 701 - 800 of 1508 CVEs for November 2021 (Page 8 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-26558 | 2021-11-11 | Deserialization of Untrusted Data |
| CVE-2021-43350 | 2021-11-11 | LDAP filter injection vulnerability in Traffic Ops |
| CVE-2021-3907 | 2021-11-11 | Arbitrary filepath traversal via URI injection |
| CVE-2021-3908 | 2021-11-11 | Infinite certificate chain depth results in OctoRPKI running forever |
| CVE-2021-3909 | 2021-11-11 | Infinite open connection causes OctoRPKI to hang forever |
| CVE-2021-3910 | 2021-11-11 | NUL character in ROA causes OctoRPKI to crash |
| CVE-2021-3911 | 2021-11-11 | Misconfigured IP address field in ROA leads to OctoRPKI crash |
| CVE-2021-3912 | 2021-11-11 | OctoRPKI crashes when processing GZIP bomb returned via malicious repository |
| CVE-2021-34422 | 2021-11-11 | Path traversal of file names in Keybase Client for Windows |
| CVE-2021-34421 | 2021-11-11 | Retained exploded messages in Keybase Clients for Android and iOS |
| CVE-2021-34420 | 2021-11-11 | Zoom Windows installation executable signature bypass |
| CVE-2021-34419 | 2021-11-11 | HTML injection in Zoom Linux client |
| CVE-2021-34418 | 2021-11-11 | Pre-auth Null pointer crash in on-premise web console |
| CVE-2021-34417 | 2021-11-11 | Authenticated remote command execution with root privileges via web console in MMR |
| CVE-2021-41229 | 2021-11-12 | Memory leak in BlueZ |
| CVE-2021-42774 | 2021-11-12 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature... |
| CVE-2021-42773 | 2021-11-12 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a... |
| CVE-2021-42775 | 2021-11-12 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could... |
| CVE-2021-37910 | 2021-11-12 | ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication |
| CVE-2021-1903 | 2021-11-12 | Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2021-1912 | 2021-11-12 | Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1921 | 2021-11-12 | Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1924 | 2021-11-12 | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2021-1973 | 2021-11-12 | A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,... |
| CVE-2021-1975 | 2021-11-12 | Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... |
| CVE-2021-1979 | 2021-11-12 | Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-1981 | 2021-11-12 | Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-1982 | 2021-11-12 | Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
| CVE-2021-30254 | 2021-11-12 | Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... |
| CVE-2021-30255 | 2021-11-12 | Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon... |
| CVE-2021-30259 | 2021-11-12 | Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2021-30263 | 2021-11-12 | Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
| CVE-2021-30264 | 2021-11-12 | Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2021-30265 | 2021-11-12 | Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2021-30266 | 2021-11-12 | Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-30284 | 2021-11-12 | Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2021-30321 | 2021-11-12 | Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity |
| CVE-2021-21699 | 2021-11-12 | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by... |
| CVE-2021-21700 | 2021-11-12 | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability... |
| CVE-2021-21701 | 2021-11-12 | Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-43576 | 2021-11-12 | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse... |
| CVE-2021-43577 | 2021-11-12 | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2021-43578 | 2021-11-12 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to... |
| CVE-2021-3934 | 2021-11-12 | OS Command Injection in ohmyzsh/ohmyzsh |
| CVE-2021-43496 | 2021-11-12 | Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can... |
| CVE-2021-43494 | 2021-11-12 | OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can... |
| CVE-2021-43493 | 2021-11-12 | ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute... |
| CVE-2021-43492 | 2021-11-12 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid... |
| CVE-2020-4140 | 2021-11-12 | IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2020-4146 | 2021-11-12 | IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information.... |
| CVE-2021-38972 | 2021-11-12 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are... |
| CVE-2021-38973 | 2021-11-12 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are... |
| CVE-2021-38985 | 2021-11-12 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are... |
| CVE-2021-41254 | 2021-11-12 | Privilege escalation to cluster admin on multi-tenant environments |
| CVE-2021-43579 | 2021-11-12 | A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. |
| CVE-2021-41264 | 2021-11-12 | UUPSUpgradeable vulnerability in OpenZeppelin Contracts |
| CVE-2021-41972 | 2021-11-12 | Credentials leak |
| CVE-2021-39303 | 2021-11-12 | The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability. |
| CVE-2021-43331 | 2021-11-12 | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. |
| CVE-2021-43332 | 2021-11-12 | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator... |
| CVE-2021-42563 | 2021-11-12 | There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into... |
| CVE-2021-43611 | 2021-11-12 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. |
| CVE-2021-43610 | 2021-11-12 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. |
| CVE-2020-21141 | 2021-11-12 | iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. |
| CVE-2021-3519 | 2021-11-12 | A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. |
| CVE-2021-3577 | 2021-11-12 | An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. |
| CVE-2021-3599 | 2021-11-12 | A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary... |
| CVE-2021-3718 | 2021-11-12 | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. |
| CVE-2021-3719 | 2021-11-12 | A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an... |
| CVE-2021-3720 | 2021-11-12 | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device... |
| CVE-2021-3723 | 2021-11-12 | A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the... |
| CVE-2021-3786 | 2021-11-12 | A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM... |
| CVE-2021-3787 | 2021-11-12 | A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to... |
| CVE-2021-3788 | 2021-11-12 | An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. |
| CVE-2021-3789 | 2021-11-12 | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update... |
| CVE-2021-3790 | 2021-11-12 | A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service... |
| CVE-2021-3791 | 2021-11-12 | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive... |
| CVE-2021-3792 | 2021-11-12 | Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. |
| CVE-2021-3793 | 2021-11-12 | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages... |
| CVE-2021-3840 | 2021-11-12 | A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in... |
| CVE-2021-3843 | 2021-11-12 | A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2021-21528 | 2021-11-12 | Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous version. |
| CVE-2021-36305 | 2021-11-12 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially... |
| CVE-2021-36315 | 2021-11-12 | Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is... |
| CVE-2021-36323 | 2021-11-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-36324 | 2021-11-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-36325 | 2021-11-12 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2021-3918 | 2021-11-13 | Prototype Pollution in kriszyp/json-schema |
| CVE-2021-43616 | 2021-11-13 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the... |
| CVE-2021-34357 | 2021-11-13 | Reflected XSS Vulnerability in QmailAgent |
| CVE-2021-38684 | 2021-11-13 | Buffer Overflow Vulnerability in Multimedia Console |
| CVE-2021-3945 | 2021-11-13 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk |
| CVE-2021-3938 | 2021-11-13 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it |
| CVE-2021-3932 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in area17/twill |
| CVE-2021-3931 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3921 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3915 | 2021-11-13 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack |
| CVE-2021-3776 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3775 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3683 | 2021-11-13 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |